CVE-2021-40824

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-40824

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40824.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-40824

Aliases

GHSA-jjmc-4p83-pp26

Published

2021-09-13T19:15:19Z

Modified

2024-09-03T03:56:27.726689Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients.

References

Affected packages

Git / github.com/vector-im/element-web

Affected ranges

Type: GIT
Repo: https://github.com/vector-im/element-web
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

672cf1a46ed84766a5d772169d50afacba23286d

Affected versions

v0.*

v0.1.2

v0.10.0

v0.10.0-rc.2

v0.10.1

v0.10.2

v0.11.0

v0.11.0-rc.1

v0.11.0-rc.2

v0.11.1

v0.11.2

v0.11.2-rc.1

v0.11.2-rc.2

v0.11.3

v0.11.4

v0.12.0-rc.1

v0.12.1

v0.12.1-rc.1

v0.12.2

v0.12.3

v0.12.3-rc.1

v0.12.3-rc.2

v0.12.3-rc.3

v0.12.4

v0.12.4-rc.1

v0.12.5

v0.12.6

v0.12.7

v0.12.7-rc.1

v0.12.7-rc.2

v0.12.7-rc.3

v0.13.0

v0.13.0-rc.1

v0.13.0-rc.2

v0.13.0-rc.3

v0.13.1

v0.13.2

v0.13.3

v0.13.4

v0.13.5

v0.14.0

v0.14.0-rc.1

v0.14.0-rc.2

v0.14.0-rc.3

v0.14.0-rc.4

v0.14.0-rc.5

v0.14.0-rc.6

v0.14.1

v0.14.2

v0.14.2-rc.1

v0.14.2-rc.2

v0.14.2-rc.3

v0.14.3-rc.1

v0.15.0

v0.15.0-rc.1

v0.15.0-rc.2

v0.15.0-rc.3

v0.15.0-rc.4

v0.15.0-rc.5

v0.15.0-rc.6

v0.15.1

v0.15.2

v0.15.3

v0.15.4

v0.15.4-rc.1

v0.15.5

v0.15.5-rc.1

v0.15.6

v0.15.6-rc.1

v0.15.6-rc.2

v0.15.7

v0.15.7-rc.1

v0.15.7-rc.2

v0.16.0

v0.16.0-rc.1

v0.16.0-rc.2

v0.16.1

v0.16.1-rc.1

v0.16.2

v0.16.3

v0.16.3-rc.1

v0.16.3-rc.2

v0.16.4

v0.16.4-rc.1

v0.16.5

v0.16.5-rc.1

v0.16.6

v0.17.0

v0.17.0-rc.1

v0.17.1

v0.17.2

v0.17.3

v0.17.3-rc.1

v0.17.4

v0.17.5

v0.17.6

v0.17.6-rc.1

v0.17.6-rc.2

v0.17.7

v0.17.8

v0.17.8-rc.1

v0.17.9

v0.17.9-rc.1

v0.3.0

v0.4.0

v0.4.1

v0.5.0

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.4-r1

v0.7.5

v0.7.5-r1

v0.7.5-r2

v0.7.5-r3

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.9.10

v0.9.10-rc.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.6-rc.1

v0.9.7

v0.9.7-rc.1

v0.9.7-rc.2

v0.9.7-rc.3

v0.9.8

v0.9.8-rc.1

v0.9.8-rc.2

v0.9.8-rc.3

v0.9.9

v0.9.9-rc.1

v0.9.9-rc.2

v1.*

v1.0.0

v1.0.0-rc.1

v1.0.0-rc.2

v1.0.1

v1.0.2

v1.0.2-rc.1

v1.0.2-rc.2

v1.0.2-rc.3

v1.0.3

v1.0.4

v1.0.4-rc.1

v1.0.5

v1.0.6

v1.0.6-rc.1

v1.0.7

v1.0.8

v1.1.0

v1.1.0-rc.1

v1.1.1

v1.1.2

v1.2.0

v1.2.0-rc.1

v1.2.1

v1.2.2-rc.1

v1.2.2-rc.2